PT-2026-33692

A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove api keys/has api terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be...

PT-2026-33719

A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get agent execution/update agent execution of the file superagi/controllers/agent execution.py of the component Agent Execution Endpoint. Executing a manipulation of the argument agent execution ...

PT-2026-33704

A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create project/encrypt auth settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth...

PT-2026-33759

A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulation of the argument pathname results in path traversal. It is possible to initiate the attack...

PT-2026-33756

Name of the Vulnerable Software and Affected Versions usememos memos versions prior to 0.22.2 Description Improper authorization occurs in the UpdateInstanceSetting component within the file src/App.tsx. Specifically, manipulating the additionalStyle or additionalScript arguments in the memos...

PT-2026-33690

A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of the component HTTP GET Parameter Handler. The manipulation of the argument bus id leads to sql...

PT-2026-33718

A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulation of the argument SECRET KEY results in use of hard-coded cryptographic key . Remote exploitation ...

PT-2026-33713

A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api generate of the component Worker API Endpoint. The manipulation leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed publicly and may be...

PT-2026-33706

A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...

ROS-20260420-73-0007

A vulnerability in the TSRESPverifyresponse function of the OpenSSL library is related to insufficient checking for unusual or exceptional states. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

PT-2026-33688

A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument proto /constructor.prototype/prototype can lead to improperly controlled modification of object prototype attributes. The attack may be performed from remote. The...

PT-2026-33760

A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been made public and could be used. The...

PT-2026-33721

A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get project/update project/get projects organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The attack may be...

PT-2026-33755

A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang backend account/logic/admin/L rbac admin.php of the component Extended Management Module. The manipulation of the argument Account results in cross site scripting...

PT-2026-33714

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

PT-2026-33780

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb users/plugin/AppCentre/app upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...

PT-2026-33711

A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function get bytes from web url of the file src/agentscope/ utils/ common.py of the component Internal Service. Performing a manipulation results in server-side request forgery. It is possible to initiate...

PT-2026-33710

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function parse url/prepare image/openai audio to text of the file src/agentscope/tool/ multi modality/ openai tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

PT-2026-33809

A vulnerability was found in ericc-ch copilot-api up to 0.7.0. The impacted element is the function cors of the file src/server.ts of the component Token Endpoint. Performing a manipulation results in permissive cross-domain policy with untrusted domains. It is possible to initiate the attack...

PT-2026-33658

A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create origin only middleware of the file server.py. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. T...